RSH() RSH()
NAME
rsh - remote shell
SYNOPSIS
rsh host [-l username] [-n] [-d] [-k realm] [-f | -F] [-x] [-PN | -PO] command
DESCRIPTION
Rsh connects to the specified host, and executes the specified command. Rsh copies its
standard input to the remote command, the standard output of the remote command to its
standard output, and the standard error of the remote command to its standard error. This
implementation of rsh will accept any port for the standard error stream. Interrupt, quit
and terminate signals are propagated to the remote command; rsh normally terminates when
the remote command does.
Each user may have a private authorization list in a file .k5login in his login directory.
Each line in this file should contain a Kerberos principal name of the form princi-
pal/instance@realm. If there is a ~/.k5login file, then access is granted to the account
if and only if the originater user is authenticated to one of the princiapls named in the
~/.k5login file. Otherwise, the originating user will be granted access to the account if
and only if the authenticated principal name of the user can be mapped to the local
account name using the aname -> lname mapping rules (see krb5_anadd(8) for more details).
OPTIONS-l username
sets the remote username to username. Otherwise, the remote username will be the
same as the local username.
-x causes the network session traffic to be encrypted.
-f cause nonforwardable Kerberos credentials to be forwarded to the remote machine for
use by the specified command. They will be removed when command finishes. This
option is mutually exclusive with the -F option.
-F cause forwardable Kerberos credentials to be forwarded to the remote machine for
use by the specified command. They will be removed when command finishes. This
option is mutually exclusive with the -f option.
-k realm
causes rsh to obtain tickets for the remote host in realm instead of the remote
host's realm as determined by krb_realmofhost(3).
-d turns on socket debugging (via setsockopt(2)) on the TCP sockets used for communi-
cation with the remote host.
-n redirects input from the special device /dev/null (see the BUGS section below).
-PN
-PO Explicitly request new or old version of the Kerberos ``rcmd'' protocol. The new
protocol avoids many security problems found in the old one, but is not interopera-
ble with older servers. (An "input/output error" and a closed connection is the
most likely result of attempting this combination.) If neither option is speci-
fied, some simple heuristics are used to guess which to try.
If you omit command, then instead of executing a single command, you will be logged in on
the remote host using rlogin(1).
Shell metacharacters which are not quoted are interpreted on the local machine, while
quoted metacharacters are interpreted on the remote machine. Thus the command
rsh otherhost cat remotefile >> localfile
appends the remote file remotefile to the local file localfile, while
rsh otherhost cat remotefile ">>" otherremotefile
appends remotefile to otherremotefile.
FILES
/etc/hosts
~/.k5login (on remote host) - file containing Kerberos principals that are allowed
access.
SEE ALSOrlogin(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3)BUGS
If you are using csh(1) and put a rsh(1) in the background without redirecting its input
away from the terminal, it will block even if no reads are posted by the remote command.
If no input is desired you should redirect the input of rsh to /dev/null using the -n
option.
You cannot run an interactive command (like rogue(6) or vi(1)); use rlogin(1).
Stop signals stop the local rsh process only; this is arguably wrong, but currently hard
to fix for reasons too complicated to explain here.
RSH()